I've installed Pure-FTPd on a Debian 10 machine that runs iptables with the default DROP policy for the INPUT chain. The OUTPUT chain is set to ACCEPT.
Problem: if I try to connect an FTP client it only works sometimes. It seems to randomly be able to list folders or fail. Usually retrying a new connection will work.
My Pure-FTPd is configured with these ports:
$ cat /etc/pure-ftpd/conf/Bind
85.xxx.xxx.xxx,57419
$ cat /etc/pure-ftpd/pure-ftpd.conf | grep Port
# Port range for passive connections - keep it as broad as possible.
PassivePortRange 30000 50000
To open the ports on the firewall I used:
iptables -A INPUT -p tcp --dport 57419 -j ACCEPT
iptables -A INPUT -p tcp --dport 30000:50000 -j ACCEPT
Logs on the server:
pure-ftpd]: (?@176.x.x.x) [INFO] New connection from 176.x.x.x
pure-ftpd]: (?@176.x.x.x) [INFO] TLS: Enabled TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
pure-ftpd]: (?@176.x.x.x) [INFO] testuser is now logged in
// no more output until the client retries a new connection
Now the FTP client will say it's listing for a while and then:
Now, if I set the iptables INPUT chain to ACCEPT, everything works fine, so it seems there's some port still blocked that Pure-FTPd randomly tries to use. How can I debug this / fix it?
Thank you.
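As an added example (not code from the question or from Pure-FTPd), a POSIX sh check that takes the Bind and PassivePortRange values together with an `iptables -S INPUT` listing and reports which configured ports an explicit rule accepts, and whether a connection-state rule exists at all; the inputs are constructed from the values quoted in the question, with the addresses left masked.

```shell
#!/bin/sh
# Added example, not code from the question or from Pure-FTPd. Checks offline
# whether an INPUT ruleset (format of `iptables -S INPUT`) explicitly accepts the
# port from /etc/pure-ftpd/conf/Bind and the PassivePortRange from pure-ftpd.conf.
# Inputs are constructed from the values quoted in the question.
BIND_CONF='85.xxx.xxx.xxx,57419'
PASSIVE_CONF='PassivePortRange 30000 50000'
RULES='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 57419 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 30000:50000 -j ACCEPT'

# port_accepted PORT RULES: succeeds if an "-A INPUT ... --dport X[:Y] -j ACCEPT"
# rule covers PORT (single --dport only; multiport --dports is not parsed).
port_accepted() {
    port=$1
    printf '%s\n' "$2" | grep -- '^-A INPUT .*--dport .*-j ACCEPT' | {
        while read -r line; do
            spec=${line##*--dport }; spec=${spec%% *}   # "57419" or "30000:50000"
            lo=${spec%%:*}; hi=${spec##*:}
            if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then exit 0; fi
        done
        exit 1        # no rule matched: the packet falls through to the policy
    }
}

# check_ftp_ports BIND PASSIVE RULES: prints one verdict per port plus one for
# connection tracking; returns 0 only if every check passes.
check_ftp_ports() {
    bind=$1; passive=$2; rules=$3; status=0
    ctl=${bind##*,}                 # port after the comma in Bind
    set -- $passive                 # -> $1=PassivePortRange $2=LO $3=HI
    for p in "$ctl" "$2" "$3"; do
        if port_accepted "$p" "$rules"; then
            echo "port $p: accepted by an explicit INPUT rule"
        else
            echo "port $p: NOT accepted, falls through to the chain policy"; status=1
        fi
    done
    # With a DROP policy, replies to a TCP connection the server itself opens
    # (active-mode data transfers) arrive on an arbitrary local port and need a
    # state rule. Whether that is what happens here is not shown by the logs.
    if printf '%s\n' "$rules" | grep -qE -- '--(ctstate|state) .*ESTABLISHED'; then
        echo "state rule present: replies to server-initiated connections accepted"
    else
        echo "no ESTABLISHED/RELATED rule in INPUT: such replies hit the DROP policy"; status=1
    fi
    return $status
}
check_ftp_ports "$BIND_CONF" "$PASSIVE_CONF" "$RULES" && echo "all covered" || echo "gaps found"
```

Run it against the real host by replacing the three constructed inputs with `cat /etc/pure-ftpd/conf/Bind`, `grep ^PassivePortRange /etc/pure-ftpd/pure-ftpd.conf` and `iptables -S INPUT`.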